Vous êtes sur la page 1sur 6

Sap Security SAP Security interview Questions: 1. What is the user type for a background jobs user?

Ans: 1system user, 2.communication user 2. How to distress shoot problems for background user ? Ans: using system Trace ST01 3. There are two options in the PFCG while modifying a role. One change authorizations and another expert mode-what is the difference between them? Ans: Change authorization: This option we will use when we make new role and modify ancient role Expert mode: i. Delete and recreate authorizations and profile (All authorizations are recreated. Values which had previously been maintained, changed or entered manually are lost. Only the maintained values for organizational levels remain.) ii. Edit ancient status (The last saved authorization data for the role is showed. This is not useful, if transactions in the role menu have been changed.) iii. Read ancient data and merge with new data (If any changes happen in SU24 Authorizations we have to use this) 4. If we give Organizational values as * in the master role and want to restrict the derived roles for a specific country, how do we do? Ans: we have to maintain org level for the country based on the plant and sales area etc in the derived Role 5. What is the table name to see illegal passwords? Ans: USR40 6. What is the table name to see the authorization objects for a user ? Ans: USR12

7. What are two main tables to maintain authorization objects ? Ans: USOBT, USOBX 8. How to secure tables in SAP? Ans: Using Authorization group (S_TABU_DIS, S_TABU_CLI) in T.Code SE54 9. What are the critical authorization objects in Security ? Ans: S_user_obj,s_user_grp, s_user_agr , s_tabu_dis, s_tabu_cli , s_develop ,s_program 10. Difference between USOBT and USOBX tables ? Ans: 1.USOBT-Transaction VS Authorization objects 2. USOBX- Transaction VS Authorization objects check indicators 11. Use of Firefighter application ? Whenever the request coming from the user for new authorization .the request goes to firefighter owner. FF owner proved the FF ID to normal user then the user (secu admin) will assign the authori to those users (end user) 12. Where do we add the FF ids to the SAP user ids ? Ans: go to Tcode /n/virsa/vfat >>goto fireFighter tab the give the ffID to firefighter with validity 13. How to make FF ids ? Ans: 14. Different types of users ? Ans: 1.Diolag user 2.service user 3.system user 4.communication user 5.refrences user 15. Different types of roles ? Ans: 1.Single role 2.Composite role 3.Derived role 16. Can a single role be used as master role? Ans: yes

17. How to make derived role ? Ans: go to PFCG type the Role name stating with Z .click on make role icon .Then right side u will find derive from here type the parent Role name 18. HR Security: How to make structural authorizations in HR ? Ans: 19. HR Security: What are the objects for HR and what is the importance of each HR object ? Ans: P_PERNR object is used by a Person to see data related to his Personal Number P_ORGXX HR: Master Data Extended Check 20. How to copy 100 roles from a client 800 to client 900? Ans: Add all 100 roles as one single composite Role and Transfer the Composite role automatically the 100 Role will transfer to the target client (Using SCC1) 21. User reports that they lost the access. We check in SUIM and no change docs foundHow do you distress shoot? Ans: may be user buffer full or role expired 22. What is the right procedure for Mass Generation of Roles? Ans: Using T.Code SUPC 32. What is the T.Code SQVI? What is the main usage of this SQVI? Ans: SQVI -Quick View 33. How can we maintain Organizational values? How can we make Organizational? Ans: PFCG_ORGFIELD_CREATE in tcode SA38 35. I want to see list of roles assigned to 10 different users. How do you do it? Ans: 1. Goto se16 > agr_users then mention the 10 users name 2. Goto SUIM > role by complex selection > type user names

36.What do you mean by User Buffer? How it works with the users Authorizations? Ans: User buffer means user context it contain user related information i.e.) authorizations, parameters, reports, earlier acceded screens .We can see the user context using T.Code SU56 37. What is the advantage of CUA from a layman/manager point of view? Ans: CUA used for maintain and manage the users centrally. 38. Values? What is the purpose of these Org. values? Ans: Values: its used for restrict the user by values e.g. Sale order value (1-100) it means user can make only 100 sales orders not more than that 40.What is the main purpose of Parameters Groups & Personalization tabs in SU01 and Miniapps in PFCG? Ans: 1.Parameter tab: its used to auto fills the some of the values during the creation of orders 2. Personalization tab is user to restrict the user in selection criteria E.g.: while selecting pay slip it will shows only last month pay slip by default. If u select the attendances it will shows current month by default 3. Miniapps- we can add some mini applications like calculator, calendar etc 41. How many maximum profiles we can assign to one user? Ans:312 Q. SAP Security T-codes Frequently used security T-codes SU01 - Create/ Change User SU01 Create/ Change User PFCG - Maintain Roles SU10 - Mass Changes SU01D - Display User SUIM - Reports ST01 - Trace SU53 - Authorization analysis Q How to create users? Execute transaction SU01 and fill in all the field. When creating a new user, you must enter an initial password for that user on the Logon data tab. All other data is optional. Q What is the difference between USOBX_C and USOBT_C? The table USOBX_C defines which authorization checks are to be performed within a

transaction and which not (despite authority- check command programmed ). This table also determines which authorization checks are maintained in the Profile Generator. The table USOBT_C defines for each transaction and for each authorization object which default values an authorization created from the authorization object should have in the Profile Generator. Q What authorization are required to create and maintain user master records? The following authorization objects are required to create and maintain user master records: S_USER_GRP: User Master Maintenance: Assign user groups S_USER_PRO: User Master Maintenance: Assign authorization profile S_USER_AUT: User Master Maintenance: Create and maintain authorizations Q List R/3 User Types Dialog users are used for individual user. Check for expired/initial passwords. Possible to change your own password. Check for multiple dialog logon A Service user - Only user administrators can change the password. No check for expired/initial passwords. Multiple logon permitted System users are not capable of interaction and are used to perform certain system activities, such as background processing, ALE, Workflow, and so on. A Reference user is, like a System user, a general, non-personally related, user. Additional authorizations can be assigned within the system using a reference user. A reference user for additional rights can be assigned for every user in the Roles tab. Q What is a derived role? Derived roles refer to roles that already exist. The derived roles inherit the menu structure and the functions included (transactions, reports, Web links, and so on) from the role referenced. A role can only inherit menus and functions if no transaction codes have been assigned to it before. The higher-level role passes on its authorizations to the derived role as default values which can be changed afterwards. Organizational level definitions are not passed on. They must be created anew in the inheriting role. User assignments are not passed on either. Derived roles are an elegant way of maintaining roles that do not differ in their functionality (identical menus and identical transactions) but have different characteristics with regard to the organizational level. Follow this link for more info Q What is a composite role? A composite role is a container which can collect several different roles. For reasons of clarity, it

does not make sense and is therefore not allowed to add composite roles to composite roles. Composite roles are also called roles. Composite roles do not contain authorization data. If you want to change the authorizations (that are represented by a composite role), you must maintain the data for each role of the composite role. Creating composite roles makes sense if some of your employees need authorizations from several roles. Instead of adding each user separately to each role required, you can set up a composite role and assign the users to that group. The users assigned to a composite role are automatically assigned to the corresponding (elementary) roles during comparison. Q What does user compare do? If you are also using the role to generate authorization profiles, then you should note that the generated profile is not entered in the user master record until the user master records have been compared. You can automate this by scheduling report FCG_TIME_DEPENDENCY on a daily.

Vous aimerez peut-être aussi